/**
 *
 */
package com.imooc.security.browser;

import com.imooc.security.core.authentication.AbstractChannelSecurityConfig;
import com.imooc.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.imooc.security.core.authorize.AuthorizeConfigManager;
import com.imooc.security.core.properties.SecurityConstants;
import com.imooc.security.core.properties.SecurityProperties;
import com.imooc.security.core.validate.code.ValidateCodeSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.session.InvalidSessionStrategy;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;
import org.springframework.social.security.SpringSocialConfigurer;

import javax.sql.DataSource;

/**
 * @author zhailiang
 *
 */
@Configuration
public class BrowserSecurityConfig extends AbstractChannelSecurityConfig {

    @Autowired
   	private SecurityProperties securityProperties;

   	@Autowired
   	private DataSource dataSource;

   	@Autowired
   	private UserDetailsService userDetailsService;

   	@Autowired
   	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

   	@Autowired
   	private ValidateCodeSecurityConfig validateCodeSecurityConfig;

   	@Autowired
   	private SpringSocialConfigurer imoocSocialSecurityConfig;

   	@Autowired
   	private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;

   	@Autowired
   	private InvalidSessionStrategy invalidSessionStrategy;

   	@Autowired
   	private LogoutSuccessHandler logoutSuccessHandler;

   	@Autowired
   	private AuthorizeConfigManager authorizeConfigManager;

//   	@Autowired
//   	private FormAuthenticationConfig formAuthenticationConfig;

    @Override
   	protected void configure(HttpSecurity http) throws Exception {

   		applyPasswordAuthenticationConfig(http);

   		http.apply(validateCodeSecurityConfig)
   				.and()
   			.apply(smsCodeAuthenticationSecurityConfig)
   				.and()
			.apply(imoocSocialSecurityConfig)
				.and()
   			.rememberMe()
   				.tokenRepository(persistentTokenRepository())
   				.tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
   				.userDetailsService(userDetailsService)
   				.and()
            .sessionManagement()
                .invalidSessionStrategy(invalidSessionStrategy)
                .maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())
                .maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin()) // 如果设置为true，登录人数达到最大时，阻止后来的登录（防踢）
                .expiredSessionStrategy(sessionInformationExpiredStrategy)
                .and()
                .and()
			.logout()
				.logoutUrl("/signOut")
//				.logoutSuccessUrl("/imooc-logout.html")
				.logoutSuccessHandler(logoutSuccessHandler)
				.deleteCookies("JSESSOIN")
				.and()
//   			.authorizeRequests()
//   				.antMatchers(
//   					SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
//   					SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE,
//   					securityProperties.getBrowser().getLoginPage(),
//   					SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/*",
//                    securityProperties.getBrowser().getSignUpUrl(),
//					securityProperties.getBrowser().getSession().getSessionInvalidUrl(),
//					securityProperties.getBrowser().getSignOutUrl(),
//                    "/user/regist")
//   					.permitAll()
//				.antMatchers(HttpMethod.GET, "/user/*").hasRole("ADMIN")
//   				.anyRequest()
//   				.authenticated()
//   				.and()
   			.csrf().disable();

        authorizeConfigManager.config(http.authorizeRequests());
   	}

	@Bean
	public PersistentTokenRepository persistentTokenRepository() {
		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
		tokenRepository.setDataSource(dataSource);
//		tokenRepository.setCreateTableOnStartup(true);
		return tokenRepository;
	}

}
